Allow app configuration using org or repo name in lieu of installation id (#98)

* Allow app configuration using GITHUB_ORG_NAME and optional GITHUB_REPO_NAME instead of INSTALLATION_ID. This enables operators to configure the app without needing the installation ID, using the App ID and Private Key for retrieval. Previous authentication with GITHUB_INSTALLATION_ID still works normally.

* matching go-version to the updated code

* fixed failing test TestAppConfig_InitClient, handled nil httpClient in initAppClient()

* fixed failing test TestInitConfigAppWithoutInstallationID, InstallationID should be 0 in testAuth

* unset env GITHUB_INSTALLATION_ID that was being set in TestInitConfigApp()

---------

Co-authored-by: Guilherme Caulada <[email protected]>
Co-authored-by: Kostiantyn Kulbachnyi <[email protected]>

Author: 3 people

.github/workflows/pull_request.yaml

@@ -21,7 +21,7 @@ jobs:
           - amd64
           - arm64
         go-version: 
-          - '1.17'
+          - '1.22'
     steps:
 
       - uses: actions/checkout@v3
@@ -59,7 +59,7 @@ jobs:
     strategy:
       matrix:
         go-version: 
-            - '1.17'
+            - '1.22'
     needs:
       - build
     steps:

.github/workflows/release.yaml

@@ -18,7 +18,7 @@ jobs:
     strategy:
       matrix:
         go-version: 
-            - '1.17'
+            - '1.22'
     steps:
 
       - uses: actions/checkout@v3
@@ -84,7 +84,7 @@ jobs:
           - amd64
           - arm64
         go-version: 
-            - '1.17'
+            - '1.22'
     steps:
 
       - uses: actions/checkout@v3

go.mod

@@ -1,34 +1,38 @@
 module github.com/kalgurn/github-rate-limits-prometheus-exporter
 
-go 1.17
+go 1.21
+
+toolchain go1.21.3
 
 require (
-	github.com/bradleyfalzon/ghinstallation/v2 v2.0.4
-	github.com/google/go-github v17.0.0+incompatible
-	github.com/migueleliasweb/go-github-mock v0.0.8
-	github.com/prometheus/client_golang v1.12.2
-	github.com/stretchr/testify v1.7.1
-	golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8
+	github.com/bradleyfalzon/ghinstallation/v2 v2.2.0
+	github.com/google/go-github/v65 v65.0.0
+	github.com/migueleliasweb/go-github-mock v0.0.16
+	github.com/prometheus/client_golang v1.14.0
+	github.com/stretchr/testify v1.8.2
+	golang.org/x/oauth2 v0.6.0
 )
 
+require github.com/golang-jwt/jwt/v5 v5.2.1
+
 require (
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/cespare/xxhash/v2 v2.1.2 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
-	github.com/golang-jwt/jwt/v4 v4.2.0 // indirect
+	github.com/golang-jwt/jwt/v4 v4.5.0 // indirect
 	github.com/golang/protobuf v1.5.2 // indirect
-	github.com/google/go-github/v41 v41.0.0 // indirect
+	github.com/google/go-github/v50 v50.1.0 // indirect
 	github.com/google/go-querystring v1.1.0 // indirect
 	github.com/gorilla/mux v1.8.0 // indirect
 	github.com/matttproud/golang_protobuf_extensions v1.0.1 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
-	github.com/prometheus/client_model v0.2.0 // indirect
-	github.com/prometheus/common v0.32.1 // indirect
-	github.com/prometheus/procfs v0.7.3 // indirect
+	github.com/prometheus/client_model v0.3.0 // indirect
+	github.com/prometheus/common v0.37.0 // indirect
+	github.com/prometheus/procfs v0.8.0 // indirect
 	golang.org/x/crypto v0.0.0-20211209193657-4570a0811e8b // indirect
-	golang.org/x/net v0.0.0-20211209124913-491a49abca63 // indirect
-	golang.org/x/sys v0.0.0-20220114195835-da31bd327af9 // indirect
+	golang.org/x/net v0.8.0 // indirect
+	golang.org/x/sys v0.6.0 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
-	google.golang.org/protobuf v1.27.1 // indirect
-	gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b // indirect
+	google.golang.org/protobuf v1.28.1 // indirect
+	gopkg.in/yaml.v3 v3.0.1 // indirect
 )

go.sum

@@ -4,19 +4,21 @@ import (
 	"context"
 	"fmt"
 	"net/http"
+	"os"
 	"strconv"
 	"time"
 
 	"github.com/bradleyfalzon/ghinstallation/v2"
-	"github.com/google/go-github/github"
+	"github.com/golang-jwt/jwt/v5"
+	"github.com/google/go-github/v65/github"
 	"github.com/kalgurn/github-rate-limits-prometheus-exporter/internal/utils"
 	"golang.org/x/oauth2"
 )
 
 func GetRemainingLimits(c *github.Client) RateLimits {
 	ctx := context.Background()
 
-	limits, _, err := c.RateLimits(ctx)
+	limits, _, err := c.RateLimit.Get(ctx)
 	if err != nil {
 		utils.RespError(err)
 	}
@@ -29,44 +31,37 @@ func GetRemainingLimits(c *github.Client) RateLimits {
 	}
 }
 
-func (c TokenConfig) InitClient() *github.Client {
-	ctx := context.Background()
-	ts := oauth2.StaticTokenSource(
-		&oauth2.Token{AccessToken: c.Token},
-	)
-	tc := oauth2.NewClient(ctx, ts)
-	return github.NewClient(tc)
-
+func (c *TokenConfig) InitClient() *github.Client {
+	return initTokenClient(c, http.DefaultClient)
 }
 
-func (c AppConfig) InitClient() *github.Client {
-	// Shared transport to reuse TCP connections.
-	tr := http.DefaultTransport
-
-	// Wrap the shared transport for use with the app ID 1 authenticating with installation ID 99.
-	itr, err := ghinstallation.NewKeyFromFile(tr, c.AppID, c.InstallationID, c.PrivateKeyPath)
-	utils.RespError(err)
-
-	// Use installation transport with github.com/google/go-github
-	return github.NewClient(&http.Client{Transport: itr})
+func (c *AppConfig) InitClient() *github.Client {
+	return initAppClient(c, http.DefaultClient)
 }
 
 func InitConfig() GithubClient {
 	// determine type (app or pat)
 	var auth GithubClient
 	authType := utils.GetOSVar("GITHUB_AUTH_TYPE")
 	if authType == "PAT" {
-		auth = TokenConfig{
+		auth = &TokenConfig{
 			Token: utils.GetOSVar("GITHUB_TOKEN"),
 		}
 
 	} else if authType == "APP" {
 		appID, _ := strconv.ParseInt(utils.GetOSVar("GITHUB_APP_ID"), 10, 64)
-		installationID, _ := strconv.ParseInt(utils.GetOSVar("GITHUB_INSTALLATION_ID"), 10, 64)
 
-		auth = AppConfig{
+		var installationID int64
+		envInstallationID := utils.GetOSVar("GITHUB_INSTALLATION_ID")
+		if envInstallationID != "" {
+			installationID, _ = strconv.ParseInt(envInstallationID, 10, 64)
+		}
+
+		auth = &AppConfig{
 			AppID:          appID,
 			InstallationID: installationID,
+			OrgName:        utils.GetOSVar("GITHUB_ORG_NAME"),
+			RepoName:       utils.GetOSVar("GITHUB_REPO_NAME"),
 			PrivateKeyPath: utils.GetOSVar("GITHUB_PRIVATE_KEY_PATH"),
 		}
 	} else {
@@ -78,3 +73,82 @@ func InitConfig() GithubClient {
 	return auth
 
 }
+
+// Helper function to allow testing client initialization with custom http clients
+func initTokenClient(c *TokenConfig, httpClient *http.Client) *github.Client {
+	if httpClient == http.DefaultClient {
+		ctx := context.Background()
+		ts := oauth2.StaticTokenSource(
+			&oauth2.Token{AccessToken: c.Token},
+		)
+		httpClient = oauth2.NewClient(ctx, ts)
+	}
+	return github.NewClient(httpClient)
+}
+
+// Helper function to allow testing client initialization with custom http clients
+func initAppClient(c *AppConfig, httpClient *http.Client) *github.Client {
+	if c.InstallationID == 0 && c.OrgName != "" {
+		// Retrieve the installation ID if not provided
+		auth := &TokenConfig{
+			Token: generateJWT(c.AppID, c.PrivateKeyPath),
+		}
+		client := initTokenClient(auth, httpClient)
+
+		var err error
+		var installation *github.Installation
+		ctx := context.Background()
+		if c.RepoName != "" {
+			installation, _, err = client.Apps.FindRepositoryInstallation(ctx, c.OrgName, c.RepoName)
+		} else {
+			installation, _, err = client.Apps.FindOrganizationInstallation(ctx, c.OrgName)
+		}
+		utils.RespError(err)
+
+		c.InstallationID = installation.GetID()
+	}
+
+	if httpClient == nil {
+		httpClient = &http.Client{}
+	}
+
+	if httpClient == http.DefaultClient {
+		tr := http.DefaultTransport
+		itr, err := ghinstallation.NewKeyFromFile(tr, c.AppID, c.InstallationID, c.PrivateKeyPath)
+		utils.RespError(err)
+		httpClient = &http.Client{Transport: itr}
+	} else {
+		// Wrap the existing transport
+		tr := httpClient.Transport
+		if tr == nil {
+			tr = http.DefaultTransport
+		}
+		itr, err := ghinstallation.NewKeyFromFile(tr, c.AppID, c.InstallationID, c.PrivateKeyPath)
+		utils.RespError(err)
+		httpClient.Transport = itr
+	}
+
+	return github.NewClient(httpClient)
+}
+
+// Helper function to generate JWT for GitHub App
+func generateJWT(appID int64, privateKeyPath string) string {
+	privateKey, err := os.ReadFile(privateKeyPath)
+	utils.RespError(err)
+
+	parsedKey, err := jwt.ParseRSAPrivateKeyFromPEM(privateKey)
+	utils.RespError(err)
+
+	now := time.Now()
+	claims := jwt.RegisteredClaims{
+		Issuer:    fmt.Sprintf("%d", appID),
+		IssuedAt:  jwt.NewNumericDate(now),
+		ExpiresAt: jwt.NewNumericDate(now.Add(10 * time.Minute)),
+	}
+	token := jwt.NewWithClaims(jwt.SigningMethodRS256, claims)
+
+	signedToken, err := token.SignedString(parsedKey)
+	utils.RespError(err)
+
+	return signedToken
+}